On Fri, Nov 09, 2012 at 10:56:21AM +0100, Ondrej Valousek wrote:
> I would like to get a similar functionality as for netgroups - i.e. who can
> login where and from where using which mechanism.
> HBAC only offers possibility to control who can login where, I suppose, right?
>
> If I wanted to also control the from where and which mechanism (i.e.
> ssh/telnet/nfs) then only netgroups will help me right?

HBAC also covers the mechanism (in HBAC it is called service). To also get
the 'from where' you have to set ipa_hbac_support_srchost in sssd.conf.
Please note that determining the source host is not reliable and depends on
the PAM clients (sshd, telnetd, nfsd...).

HTH

bye,
Sumit

>
> Thanks,
> Ondrej
>
> On 11/08/2012 10:05 PM, Dmitri Pal wrote:
> >Jakub jumped to conclusion that this is for access control but it might
> >be better to ask: what is the use case?
> >
> >IPA provides a host grouping mechanism but no software other than SSSD
> >understands hosts and host groups yet.
> >So what do you want to accomplish?
> >
> >Netgroups can also come over LDAP, this is what IPA is capable of. You
> >are not required to use NIS server and protocol for netgroups.
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
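
An added example, not part of the thread and not SSSD project code: a small Python check that reports, for each domain in an sssd.conf, whether source-host ('from where') HBAC evaluation is switched on. The sample configuration and its domain names are constructed, and treating an unset ipa_hbac_support_srchost as off follows the default documented in sssd-ipa(5).

```python
import configparser

# Constructed sample sssd.conf (not from the thread); domain names are made up.
SAMPLE_SSSD_CONF = """
[sssd]
services = nss, pam
domains = ipa.example.test, legacy.example.test, files.example.test

[domain/ipa.example.test]
id_provider = ipa
access_provider = ipa
ipa_hbac_support_srchost = True

[domain/legacy.example.test]
id_provider = ipa
access_provider = ipa

[domain/files.example.test]
id_provider = ldap
access_provider = permit
"""


def srchost_status(conf_text):
    """Map each domain name to 'enabled', 'disabled' or 'not-hbac'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    status = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [pam], ... carry no access provider
        name = section[len("domain/"):]
        opts = parser[section]
        if opts.get("access_provider", "").strip().lower() != "ipa":
            status[name] = "not-hbac"  # HBAC rules are not evaluated here
            continue
        # Assumption (sssd-ipa(5) default): off unless set in the domain section.
        raw = opts.get("ipa_hbac_support_srchost", "false").strip().lower()
        status[name] = "enabled" if raw == "true" else "disabled"
    return status


if __name__ == "__main__":
    for domain, state in srchost_status(SAMPLE_SSSD_CONF).items():
        print(f"{domain}: source-host HBAC rules {state}")
```

A domain reported as "enabled" still depends on the PAM client supplying the remote host, as the reply above notes.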
